{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2024-3387","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:24:58.472Z","generator":{"date":"2026-04-11T00:24:58.472Z","engine":{"name":"vulnogram","version":"0.1.0-rc1"}},"id":"CVE-2024-3387","initial_release_date":"2024-04-10T16:00:00.000Z","revision_history":[{"number":"1","date":"2024-04-10T09:00:00.000Z","summary":"Initial publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version","name":"PAN-OS 9.0 All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-162"}},{"category":"product_version","name":"PAN-OS 9.1 All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-160"}},{"category":"product_version","name":"PAN-OS 11.1 All","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-159"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.1.12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-213"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.1.12","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-213"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<10.2.7-h3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-211"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.7-h3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-211"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=10.2.8","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-166"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<11.0.4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-182"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=11.0.4","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-182"}}]},{"name":"Cloud NGFW","category":"product_name","branches":[{"category":"product_version","name":"Cloud NGFW All","product":{"name":"Palo Alto Networks Cloud NGFW","product_id":"PANW-Cloud-NGFW-1"}}]},{"name":"Prisma Access","category":"product_name","branches":[{"category":"product_version","name":"Prisma Access All","product":{"name":"Palo Alto Networks Prisma Access","product_id":"PANW-Prisma-Access-1"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2024-3387","product_status":{"fixed":["PANW-PAN-OS-213","PANW-PAN-OS-211","PANW-PAN-OS-166","PANW-PAN-OS-182"],"known_affected":["PANW-PAN-OS-213","PANW-PAN-OS-211","PANW-PAN-OS-182"],"known_not_affected":["PANW-PAN-OS-162","PANW-PAN-OS-160","PANW-PAN-OS-159","PANW-Cloud-NGFW-1","PANW-Prisma-Access-1"]},"notes":[{"category":"description","text":"A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls."}],"references":[{"category":"external","summary":"NVD - CVE-2024-3387","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3387"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2024-3387","url":"https://security.paloaltonetworks.com/CVE-2024-3387"}],"threats":[{"category":"impact","description":"A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","baseSeverity":"MEDIUM","baseScore":6,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber"},"products":["PANW-PAN-OS-213","PANW-PAN-OS-211","PANW-PAN-OS-182"]}]}]}